BASH security vulnerability

ki7mt ki7mt at yahoo.com
Wed Oct 8 20:48:01 UTC 2014


Hi Marc,

If I were to make a stand against using *Nix as my OS of choice, the 
Shellshock problem would not be my final stand.

Test (compliments of our FOSS friends):

In a "Bash Shell" :-), type:

env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo && echo Dont panic, your bash is ok! && echo"

Latest version of Bash is 4.3.11
Info: Link: http://www.ubuntu.com/usn/usn-2362-1/

aka: The issue is already corrected in Ubuntu:

I am an advocate of Linux / FOSS in general. I would much rather have 
tens of thousands of folks looking at suspect code, rather than rely on 
the "word of" a supplier who says "we have a handle on it". If there is 
any doubt about risk assessment, one only needs to look at the Security 
fixes published from one to the other.

I monitor (just for personal information) NIST and Ubuntu USN, have done 
for a long time. I don't recall ever having seen nor read about this 
issue actually causing a major breach. Not to say it hasn't happened, 
only that I've not seen nor read about it. If you really need expert 
advice, I would recommend contacting Canonical directly for a commercial 
statement.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
Info: Link: http://www.ubuntu.com/usn/

Just MHO.

73's
Greg, KI7MT

On 10/08/2014 01:26 PM, Marc Tremblay wrote:
> I can't believe I left that out of my email.
>
> The Shellshock vulnerability.
>
> I apologize for that.
>
> -----Original Message-----
> From: lubuntu-users-bounces at lists.ubuntu.com [mailto:lubuntu-users-bounces at lists.ubuntu.com] On Behalf Of John Niendorf
> Sent: October-08-14 3:25 PM
> To: lubuntu-users at lists.ubuntu.com
> Subject: Re: BASH security vulnerability
>
> Hi Marc,
>
> Just to be clear, what vulnerability do you mean?
>
> John
>
> On 10/08/2014 09:22 PM, Marc Tremblay wrote:
>> Hello,
>>
>>   
>>
>> I work for a school board in Montreal, Quebec and we are transitioning
>> over to GAFE. This transition has allowed the acceptance of Ubuntu
>> (Lubuntu) as a perfect solution for converting our older labs which
>> painfully run on Windows 7.
>>
>>   
>>
>> In a meeting this morning the issue of the BASH security vulnerability
>> was brought up as a reason not to go the Ubuntu open source route. I
>> need to find out if this security vulnerability is something we should
>> be worried about to the point of not moving forward with this project.
>> It would mean 1000 of computers being sent for recycling instead of
>> repurposing them with FOSS.
>>
>>   
>>
>> Any thoughts??
>>
>>   
>>
>> Marc Tremblay
>>
>> Educational Services Dept
>>
>> Lester B. Pearson School Board
>>
>> 1925 Brookdale
>>
>> Dorval, H9P 2Y7
>>
>>   
>>
>> mtremblay at lbpsb.qc.ca
>>
>>   
>>
>>
>>
> --
> Lubuntu-users mailing list
> Lubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
>
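
The one-line test from the message above, turned into a check for CVE-2014-6271 that reports through its exit status so it can be run unattended across many machines. This is an added example, not part of the original e-mail; the function names, the marker string, the exit codes and the list of paths are choices made here.

```shell
#!/bin/sh
# Added example: scriptable check for CVE-2014-6271 (Shellshock).
# check_shellshock, MARKER and the exit codes are illustrative choices.

MARKER="shellshock-probe-marker"   # constructed string, only echoed locally

# check_shellshock /absolute/path/to/bash
#   returns 0 = vulnerable, 1 = not vulnerable, 2 = missing or not executable
check_shellshock() {
    bin="$1"
    { [ -n "$bin" ] && [ -f "$bin" ] && [ -x "$bin" ]; } || return 2
    # env -i: start from an empty environment so only PROBE is imported.
    # PROBE looks like an exported function with a command appended; a
    # vulnerable bash runs that command while importing the variable.
    out=$(env -i PROBE="() { :;}; echo $MARKER" "$bin" -c ':' 2>/dev/null) || true
    case "$out" in
        *"$MARKER"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Check the usual install locations and print one line per binary found.
# Returns 1 if any of them is vulnerable, 0 otherwise.
scan_common_paths() {
    found=0
    for b in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        rc=0
        check_shellshock "$b" || rc=$?
        case "$rc" in
            0) echo "VULNERABLE  $b"; found=1 ;;
            1) echo "ok          $b" ;;
        esac
    done
    return "$found"
}

scan_common_paths || echo "at least one bash needs the security update"
```

A binary reported as VULNERABLE needs the distribution's bash security update, such as the one in the USN linked in the message.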